I called my bank the other day to pay a bill. Having answered various security questions, the first options avialable to me on the IVR were: Press 1 if you want to make a bank transaction, or press 2 if you are concerned about bank data recently lost by the UK Government!
The data in question was bank details of 25 million citizens of the UK lost by HM Revenue and Customs. This is not an isolated case. Since this first snafu, further cases have come to light. These include two CDs of benefit claimant data lost by the Department for Work and Pensions, the Department of Health allowing junior doctors’ personal details to be visible to other job applicants, and thousands of patient records lost by nine different NHS trusts. Is this just the tip of the iceberg? I don’t think so. Rather, it points to serial incompetence in the workings of the UK Government when it comes to protecting our data from unauthorised use. If this level of incompetence came to light in the private sector, the companies concerned would be hounded by the data protection authorities, CXOs would be fired and companies would be sued for damages in the courts. But this is the UK Government, so it is somehow different!
Governments around the world are gathering more and more data about us, are sharing it unchecked within government circles and even outside these circles. In their eagerness to share the data, they often put our data at risk of being stolen. And when challenged, they are as opague and ‘economical with the truth’ about its use as ever.
The serial lapses in data protection by the UK Government show that they cannot be trusted with your and my data. This is a real concern in the information age in which we live. It is time that they started to take data protection seriously. And that they were held to account for their actions.
What do you think? Can governments be trusted with your data? Or are they just information knaves in the modern world?
Post a comment and get the conversation going.
Graham Hill
Independent CRM Consultant
Interim CRM Manager
Readability Index: 11
Graham – I think the simple answer to your question is “no.” Most governments cannot be sued, so there is no real recourse (other than people being mad) if the data is lost. Last summer, the US Veterans Administration lost millions of its member’s data. At the end of the day, the VA said “my bad” and millions of people were left trying to protect their identity.
This is a very good discussion and one that I think would attract different views in different value chains. For example, some (I don’t know why) might want the government to own data about medical trails, or clinical testing.
I think you could do a series asking this question for different value chains….
Should the government be trusted with our medical data?
Should the government be trusted with our diet and heath data?
Should the government be trusted with our financial data?
Etc.
Great question. I’d love to see some of the conversation. I am sure a lot of technologists would love for more government involvement to create standards so they can build easy interfaces to data sets. I am not sure people force to adhere to those standards would welcome government oversight.
Also, what degree of trust are we looking for? Many don’t even trust the government enough to define standards, or have the right to even oversee the data.
For full disclosure, my position might be biased because ideologically I am a small government, states rights, kind of guy – so I am more or less against the idea of the government being involved in any aspect of our lives. =).
Scott Santucci
Not content with the data protection snafus already outlined in my earlier article, it appears that the Ministry of Defence has now lost data on about 600,000 potential recruits to the armed forces. Or rather, a PC with the unencrypted data on it was stolen from a Navy officer’s car. The data lost includes national insurance, medical and banking information too. A godsend for identity theft criminals.
This is just the latest in a string of incompetent snafus by the UK Government. When are they going to take data protection as serious as the private sector already has to? And how can we protect ourselves from their general incompetence?
Graham Hill
Independent CRM Consultant
Interim CRM Manager
Readability Index: 11